Date
1 - 1 of 1
[PATCH v2 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
|
Michael Kubacki
From: Erich McMillan <emcmillan@...>
Details for these CodeQL alerts can be found here: - Pointer overflow check (cpp/pointer-overflow-check): - https://cwe.mitre.org/data/definitions/758.html - Potential buffer overflow check (cpp/potential-buffer-overflow): - https://cwe.mitre.org/data/definitions/676.html CodeQL alert: - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c - Type: Pointer overflow check - Severity: Low - Problem: Range check relying on pointer overflow Cc: Dandan Bi <dandan.bi@...> Cc: Erich McMillan <emcmillan@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Liming Gao <gaoliming@...> Cc: Michael Kubacki <mikuback@...> Cc: Star Zeng <star.zeng@...> Cc: Zhichao Gao <zhichao.gao@...> Cc: Zhiguang Liu <zhiguang.liu@...> Co-authored-by: Michael Kubacki <michael.kubacki@...> Signed-off-by: Erich McMillan <emcmillan@...> Reviewed-by: Liming Gao <gaoliming@...> --- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 11 ++++++++--- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/= Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc7662c..c1da2adc296b 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "SmbiosDxe.h" +#include <Library/SafeIntLib.h> =20 // // Module Global: @@ -1594,6 +1595,7 @@ ParseAndAddExistingSmbiosTable ( CHAR8 *String; EFI_SMBIOS_HANDLE SmbiosHandle; SMBIOS_STRUCTURE_POINTER SmbiosEnd; + UINTN SafeIntResult; =20 mPrivateData.Smbios.MajorVersion =3D MajorVersion; mPrivateData.Smbios.MinorVersion =3D MinorVersion; @@ -1608,9 +1610,12 @@ ParseAndAddExistingSmbiosTable ( // // Make sure not to access memory beyond SmbiosEnd // - if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) || - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw)) - { + Status =3D SafeUintnAdd ((UINTN)Smbios.Raw, sizeof (SMBIOS_STRUCTURE= ), &SafeIntResult); + if (EFI_ERROR (Status)) { + return EFI_INVALID_PARAMETER; + } + + if ((SafeIntResult > (UINTN)SmbiosEnd.Raw) || (SafeIntResult < (UINT= N)Smbios.Raw)) { return EFI_INVALID_PARAMETER; } =20 diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf b/MdeModulePk= g/Universal/SmbiosDxe/SmbiosDxe.inf index c03915a6921f..8b7c74694775 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf @@ -42,6 +42,7 @@ [LibraryClasses] DebugLib PcdLib HobLib + SafeIntLib =20 [Protocols] gEfiSmbiosProtocolGuid ## PRODUCES --=20 2.28.0.windows.1 |
|
|